The Hacker News — Cyber Security, Hacking, Technology News

Now you can hijack nearly any drone mid-flight just by using a tiny gadget.

Security researcher Jonathan Andersson has devised a small hardware, dubbed Icarus, that can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device.

Andersson, who is the manager of Trend Micro's TippingPoint DVLab division, demonstrated this new hack at this year's PacSec security conference in Tokyo, Japan on Wednesday.

Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx.

DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars.

This is not the first hardware that can hijack drones mid-flight. There are jamming devices available in the market that block controlling radio signals and render a drone useless. However, these devices do not give you control like Icarus does.

Icarus works by exploiting DMSx protocol, granting attackers complete control over target drones that allows attackers to steer, accelerate, brake and even crash them.

The loophole relies on the fact that DSMx protocol does not encrypt the 'secret' key that pairs a controller and hobbyist device. So, it is possible for an attacker to steal this secret key by launching several brute-force attacks, Andersson explained in his presentation.

Once the drone hijacker, Icarus box, grabs the key, an attacker can send malicious packets to restrict the original owner of the drone from sending legitimate control commands. Instead, the drone will accept commands from the attacker.

You can also watch the demonstration video to learn more about Icarus box.

There's little to be done to mitigate this issue, and affected manufacturers are releasing patches and updated hardware, and securing the industry-wide encryption protocol in future drones.

"My guess is that it will not be easy to completely remedy the situation. The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, transmitters that come with models and standalone receivers," Andersson told Ars Technica.

"Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side."

Icarus has not been made available for sale, but this kind of gadget could benefit law enforcement as well as people who are worried about their safety and privacy. However, same could also be used for nefarious purposes.

So, next time if any annoying drone fly your overhead? Just hijack it and land it safely, rather than shooting it down.

The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year.

Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in dark and air-conditioned rooms, 7100 miles from Syria and Afghanistan, remotely control their "targeted killing" drone campaign in a video-game-style warfare.

From this ground zero, Air Force pilots fire missiles just by triggering a joystick on a targeted areas half a world away, as well as operate drones for surveillance and intelligence gathering.

Drone operation facility at Creech Air Force Base -- a key base for worldwide drone and targeted killing operations -- has been assigned as ‘Special Access Programs’, to access SIPRnet.

What is SIPRnet?

SIPRNet, or Secret Internet Protocol Router Network, is a global United States military Internet system used for transmitting classified information, intelligence, targets, and messages at the secret level.

In other words, SIPRNet is completely parallel Internet, uses the same communications procedures and has been kept separate from the ordinary civilian Internet.

Approximately 3 Million people with secret clearances have access to SIPRNet, which includes Pentagon and military officials, Intelligence agencies, FBI, as well as diplomats in US embassies all around the World.

Classified Network Crashed at Creech Base

The network at Creech Air Force Base was crashed in early September that impacted "critical services," and has not been completely rebuilt, according to US government contracting records.

"On 9 September 2016, the SIPRNet system currently in operation at Creech AFB failed, and critical services were impacted," reads a contracting notice posted by the US government in early October.

"The services were somewhat restored with the use of multiple less powerful devices. This temporary solution stabilized the services, but will not be able to maintain the demand for very long. If this solution fails, there is currently no other backup system."

The officials would not say whether the failure was due to internal technical faults, a cyber attack, or a state-sponsored hacker. They would also not say if JWICS — a separate internet system that handles top-secret information — at Creech was also affected.

US Drones Killed around 100 Innocents within Two Weeks

Within weeks of the computer disaster, a series of airstrikes went terribly wrong, which resulted in scores of deaths in Syria, Afghanistan, and Somalia, according to BuzzFeed News.

On September 17, 62 Syrian soldiers were accidentally killed by US airstrikes in the middle of a ceasefire. On September 28, 15 innocent civilians were reportedly killed in Afghanistan by a US drone, as well as 22 Somali soldiers were reportedly killed in Somalia by US drone strikes.

All the cases are under review and investigation, and there has been no official explanation for targeting innocent people, though the United States expressed its regrets quickly after the incident, according to reports.

On October 7, the Air Force quietly announced that Creech base would be subject to a surprise cyber security inspection and warned personnel to be wary of phishing attacks and to be extra careful in securing their login credentials.

Has U.S. Classified Network Been Hacked?

These classified networks are definitely not connected to the Internet, but this does not mean that malware or well-resourced hackers can never found their ways into these critical networks.

If confirmed, this would not be the first time, when a classified computer network of US military has been compromised.

In the year 2008, The Pentagon acknowledged a significant cyber attack, Operation Buckshot Yankee, where a foreign intelligence agent used a USB drive to infect military computers used by the Central Command in overseeing combat zones in Iraq and Afghanistan with a specially crafted malware.

You might be aware of Chelsea Manning (then known as Bradley Manning), an army soldier who made headlines in 2013 when she was sentenced to 35 years in prison for leaking over 700,000 classified files to WikiLeaks.

Manning allegedly downloaded those secret documents from SIPRNet using a Lady Gaga CD.

Since these classified networks have a significant role in US national security, terrorist groups and state-sponsored hackers belonging to sophisticated nation-states like China, Russia, Iran, and North Korea have always shown large interest in targeting them.

So what do you expect from an Artificially intelligent program run by the government intelligence agency?

Possibly killing innocent people.

The real-life SKYNET, the fictional malevolent artificial intelligence in the Terminator movies, run by the US National Security Agency (NSA) is a surveillance program that uses cell phone metadata to track the GPS location and call activities of suspected terrorists, who may be shot by a Hellfire missile.

Now, a new analysis of previously published NSA documents leaked by former NSA staffer Edward Snowden suggests that many of those people killed based on metadata may have been innocent.

Last year, the leaked documents detailing the NSA's SKYNET programme published by The Intercept showed that NSA had used a machine learning algorithm on the cellular network metadata of 55 Million people in Pakistan to rate each citizen's likelihood of being a terrorist.

You need to know that the US drone bombing campaigns in Pakistan have been raging for years.

Elementary Errors in SKYNET

However, the spy agency has made elementary errors in their machine-learning algorithm, which lead to the generation of thousands of false leads, potentially exposing innocent people to remote assassination by drone.

One of the leaked slides claimed that SKYNET has a false-positive rate of 0.008%, in some cases, and the NSA was using about 55 million people’s phone records for SKYNET.

But, Ars Technica points out that, even at this minute rate, many innocent people are possibly mislabeled. Some of the NSA's tests even saw higher error rates of 0.18%, which means mislabeling nearly 99,000 people out of the 55 Million.

"There are very few 'known terrorists' to use to train and test the model," Patrick Ball, the executive director of Human Rights Data Analysis Group, told the site. "If they are using the same records to train the model as they are using to test the model, their assessment of the fit is completely bullshit."

The purpose SKYNET serves is not clear yet. Although SKYNET could be part of non-violent surveillance programs, like tracking and monitoring suspected terrorists, Ars suggests this technology could potentially be used to target drone strikes.

US Drone Strike Killed Almost 4,000 People

Since 2004, the United States government has carried out hundreds of drone strikes against alleged terrorists in Pakistan and killed somewhere between 2,500 and 4,000 people, the Bureau of Investigative Journalism reported.

The NSA has not yet commented on how the agency used SKYNET, and how the technology was trained.

But Does Killing people "Based on Metadata" actually make sense?

Maybe it is easy to say YES, it makes sense as it happened or is happening far away in a foreign land. But imagine if SKYNET gets turned on us.

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

In a joint surveillance program, the US intelligence agency NSA (National Security Agency) and the British intelligence agency GCHQ (Government Communications Headquarters) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets.

This could be one of the most shocking and embarrassing disclosures for Israel, who is the United States’ ally and prides itself on its technical capabilities.

Published by The Intercept, the newly released documents from the former NSA contractor Edward Snowden revealed that in an operation dubbed "Anarchist," UK and US intelligence officials have been…

...regularly accessing Israeli drone cameras, allowing them to watch live video feeds from drones and fighter jets while Israel bombed Gaza and spied on Syria.

How did the Intelligence Agencies Hack into Israeli Drones?

The Documents revealed that British Intelligence agency has installed Military-grade Interception systems at Royal Air Force compound in the Troodos Mountains (Cyprus), which is geographically very near to Israel and Syria.

These Surveillance tools are capable of intercepting analog video feeds from Israeli and Syrian drones.

With the help of some open-source software like Image Magick and AntiSky, agencies were able to decrypt and convert scrambled data from remotely piloted aircraft in order to track the movement of drones.

The report includes several snapshots of Israeli drones collected in 2009 and 2010 that clearly indicates that Israel has drones with missiles and attack capabilities, which Israel doesn't publicly acknowledge.

One snapshot revealed by The Intercept shows an Israeli IAI Heron Drone — a high-altitude strike drone with 350 kilometers range that is capable of carrying a weapon of a 1-ton load and staying aloft for more than 40 hours.

Despite these leaked images offer the first direct public evidence that Israel flies attack drones, they provide rare visual evidence to support reports that aren't clear enough to conclude anything right now.

The use of Unmanned Aerial Vehicles (UAVs), popularly known as Drones, is rapidly transforming the way crimes are conducted, and this story helps prove this right.

Maryland State Police arrested two men – Thaddeus Shortz and Keith Brian Russell –suspected of allegedly trying to smuggle drugs and porn into a state prison using a drone, according to law enforcement authorities.

The men, with the intention to fly a Yuneec Typhoon drone into local jails, were arrested near the Western Correctional Institution and the North Branch Correctional Institution in Cumberland, Maryland late Saturday.

The authorities seized:

A Yuneec Typhoon drone, which retails for around $1,300

Synthetic marijuana (also known as "Spice")

Pornographic DVDs

Tobacco

Prescription drugs

A mobile phone

A loaded pistol

However, the pistol likely was not going to be carried by the drone as it was apparently too heavy that it probably would have weighed down the aircraft.

What's Authorities Biggest Fear?

Larger drones exist that could even carry a gun, Stephen T. Moyer, secretary of the Maryland Department of Public Safety and Correctional Services, told reporters at a press conference on Monday.

"That's my biggest fear," Moyer said. "The use of these drones to bring this type of contraband into a facility is very, very troubling, and we're going to address it."

Moyer is now planning to ask for up to $400,000 for each of the state's 27 correctional facilities to build drone detection infrastructure, Associated Press reported.

This is not the first time when criminals have tried to use drones for illegal prison special deliveries. A similar incident took place in late July when a drone dropped a package of marijuana, heroin and tobacco in an Ohio prison.

Chinese smartphone maker OnePlus who recently announced that the company is planning to launch its latest flying drone, OnePlus DR-1, saying it would be a "Game Changer."

There have already been some speculations about a drone from OnePlus circulating on the Internet, but now the company has confirmed during a Reddit AMA (Ask Me Almost Anything) session that OnePlus DR-1 (aka DR-ONE) will land on its online store next month.

OnePlus also posted a Vine video on Tuesday with the caption "Feeling adventurous? The DR-1 is flying to our store next month. #OneGameChanger." The six-second short video did not give much information about the new drone, but it hints more or less that the company is working on a drone.

The product page of DR-1 sectioned impressive lines such as "innovating a whole new way of thinking about drones" and telling users to "experience the next age of aviation technology with effortless transportation and storage" with this tiny 70mm-wide flying machine.

You may have caught by now that OnePlus DR-1 is an April Fools' day prank, but the company has turned its prank into pretty much reality by actually selling the tiny quad-copters, which will be available in limited quantity for just $20 (about AU$25 or £15).

HA! The so-called game changer actually came out to be a tiny quadcopter, which is about half the size of the OnePlus One.

SPECIFICATIONS OF ONEPLUS DR-1

Flight time of 7 to 8 minutes

Needs a recharge for 20 minutes between flights

Weight of just 12.5 grams

Frame size of about 70mm (2.75-inch)

DR-1 is a red-colored plastic chassis with four blades and features ultra-bright orientation LEDs. It fits in the palm of your hand and comes with an Infrared (IR) remote controller that has dual flight mode settings. So, it seems like you’ll not be able to use your phone to pilot DR-1, the controller is used to do so.

So if you act fast, there is a chance for you to grab one from the company's website, which will be shipped only to a US address.